libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
keycloak-scim/docs/documentation/server_admin/topics/account.adoc
andymunro d4cee15c3a
Correct Securing Apps Guide (#24730) 
* Correcting Securing Apps guide

Closes #24729

Signed-off-by: AndyMunro <amunro@redhat.com>

* Update docs/documentation/securing_apps/topics/saml/java/general-config/sp_role_mappings_provider_element.adoc

Co-authored-by: Stian Thorgersen <stian@redhat.com>

---------

Signed-off-by: AndyMunro <amunro@redhat.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-11-14 11:04:55 +01:00

161 lines
5.2 KiB
Text
Raw Blame History

[[_account-service]]
== Account Console
{project_name} users can manage their accounts through the Account Console. Users can configure their profiles, add two-factor authentication, include identity provider accounts, and oversee device activity.
[role="_additional-resources"]
.Additional resources
* The Account Console can be configured in terms of appearance and language preferences. An example is adding attributes to the *Personal info* page by clicking *Personal info* link and completing and saving details. For more information, see the {developerguide_link}[{developerguide_name}].
=== Accessing the Account Console
Any user can access the Account Console.
.Procedure
. Make note of the realm name and IP address for the {project_name} server where your account exists.
. In a web browser, enter a URL in this format: _server-root_{kc_realms_path}/{realm-name}/account.
. Enter your login name and password.
.Account Console
image:images/account-console-intro.png[Account Console]
=== Configuring ways to sign in
You can sign in to this console using basic authentication (a login name and password) or two-factor authentication. For two-factor authentication, use one of the following procedures.
==== Two-factor authentication with OTP
.Prerequisites
* OTP is a valid authentication mechanism for your realm.
.Procedure
. Click *Account security* in the menu.
. Click *Signing in*.
. Click *Set up authenticator application*.
+
.Signing in
image:images/account-console-signing-in.png[Signing in]
. Follow the directions that appear on the screen to use either
https://freeotp.github.io/[FreeOTP] or https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2[Google Authenticator] on your mobile device as your OTP generator.
. Scan the QR code in the screen shot into the OTP generator on your mobile device.
. Log out and log in again.
. Respond to the prompt by entering an OTP that is provided on your mobile device.
==== Two-factor authentication with WebAuthn
.Prerequisites
* WebAuthn is a valid two-factor authentication mechanism for your realm. Please follow the xref:webauthn_{context}[WebAuthn] section for more details.
.Procedure
. Click *Account Security* in the menu.
. Click *Signing In*.
. Click *Set up Security Key*.
+
.Signing In
image:images/account-console-signing-in-webauthn-2factor.png[Signing In With Security Key]
. Prepare your WebAuthn Security Key. How you prepare this key depends on the type of WebAuthn security key you use. For example, for a USB based Yubikey, you may need to put your key into the USB port on your laptop.
. Click *Register* to register your security key.
. Log out and log in again.
. Assuming authentication flow was correctly set, a message appears asking you to authenticate with your Security Key as second factor.
==== Passwordless authentication with WebAuthn
.Prerequisites
* WebAuthn is a valid passwordless authentication mechanism for your realm. Please follow the <<_webauthn_passwordless,Passwordless WebAuthn section>> for more details.
.Procedure
. Click *Account Security* in the menu.
. Click *Signing In*.
. Click *Set up Security Key* in the *Passwordless* section.
+
.Signing In
image:images/account-console-signing-in-webauthn-passwordless.png[Signing In With Security Key]
. Prepare your WebAuthn Security Key. How you prepare this key depends on the type of WebAuthn security key you use. For example, for a USB based Yubikey, you may need to put your key into the USB port on your laptop.
. Click *Register* to register your security key.
. Log out and log in again.
. Assuming authentication flow was correctly set, a message appears asking you to authenticate with your Security Key as second factor. You no longer need to provide your password to log in.
=== Viewing device activity
You can view the devices that are logged in to your account.
.Procedure
. Click *Account security* in the menu.
. Click *Device activity*.
. Log out a device if it looks suspicious.
.Devices
image:images/account-console-device.png[Devices]
=== Adding an identity provider account
You can link your account with an <<_identity_broker, identity broker>>. This option is often used to link social provider accounts.
.Procedure
. Log into the Admin Console.
. Click *Identity providers* in the menu.
. Select a provider and complete the fields.
. Return to the Account Console.
. Click *Account security* in the menu.
. Click *Linked accounts*.
The identity provider you added appears in this page.
.Linked Accounts
image:images/account-console-linked.png[Linked Accounts]
=== Accessing other applications
The *Applications* menu item shows users which applications you can access. In this case, only the Account Console is available.
.Applications
image:images/account-console-applications.png[Applications]
=== Viewing group memberships
You can view the groups you are associated with by clicking the *Groups* menu.
If you select *Direct membership* checkbox, you will see only the groups you are direct associated with.
.Prerequisites
* You need to have the *view-groups* account role for being able to view *Groups* menu.
.View group memberships
image:images/groups_account_console.png[View group memberships]
Reference in a new issue View git blame Copy permalink